EP2686978A1 - Keyed pv signatures - Google Patents
- Publication number
- EP2686978A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- value
- correspondent
- signed message
- signature
- proof
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
Definitions
- Fig. 1 is a schematic representation of a data communication system.
- Fig. 2 is a representation of a cryptographic unit used in the system of Fig. 1.
- Fig. 9 is a schematic representation of a cryptographic unit used in the system of Fig. 1.
- Fig. 3 is a flowchart illustrating a second correspondent converting and transferring a first correspondent's keyed PV signature to the third party.
- Fig. 4 is a flowchart illustrating non-interactive proof and verification.
- the original Elliptic Curve Pintsov-Vanstone Signature scheme has been extended to the keyed Pintsov-Vanstone signature scheme (keyed PV, or kPV for short).
- Keyed PV is a signature scheme with confidential message recovery, where only the intended recipient may recover part of the message. This is in contrast to some digital signature schemes where the message is public, and anyone may verify the signature, given the signer's public key.
- a PV scheme is described in commonly owned United States Patent Nos.
- the PV signature scheme (and variants) may be instantiated using the group of points on an elliptic curve.
- Let $E(\mathbb{F}_q)$ be the set of points on the elliptic curve E over the finite field with q elements. Each point has a pair of co-ordinates that are elements of the underlying finite field and satisfy the elliptic curve E.
- This set forms a group under a binary operation referred to as point addition.
- a generator of the subgroup of order n is denoted G, and all group arithmetic will take place in this subgroup.
- additive notation is used, e.g., for the sum of two points P and Q we write P+Q, and scalar multiplication by an integer k is kP.
- the signature schemes herein may be instantiated using any finite abelian group. For example, we could use a subgroup of $\mathbb{Z}_p^*$, the group of integers modulo a prime p. In this case the group order is $p-1$, and the generator will again generate a subgroup of order n, where $n \mid p-1$.
- a message sent by a first correspondent to a second correspondent is divided into a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm.
- a first signature component is generated by encrypting the first portion alone.
- An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them.
- a second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion.
- a verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination.
- the computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion. If the required redundancy is present the signature is accepted and the message reconstructed from the recovered bit string and the visible portion.
- the keyed PV scheme starts with a signer (the first correspondent), with key pair $(d_A, G_A)$ on an appropriate elliptic curve.
- a data communication system 10 includes a pair of correspondents 12, 14 connected by a communication link 16 and a third party 36 connected to at least the second correspondent 14 by a further communication link 38.
- correspondents 12, 14 are each a computing device, such as a personal computer, personal digital assistant, smart phone, cellular phone, ATM, Point-of-Sale device, server, entertainment system component, or other such device having a computing capability and provided to exchange digital information with other correspondents.
- the communication links 16, 38 may each be a telephone link, wireless or landline, local area network (LAN), RF link, or other such link provided to transfer information between the correspondents.
- correspondent 12 includes a cryptographic unit 18 that communicates with a memory 20 and a processor 22.
- the correspondent may also include a data input unit 24, such as a keypad or card reader, and a display device, 26, depending on the intended purpose of the correspondent 12.
- the cryptographic unit 18 is provided to manage secure communications between the correspondents 12, 14 over the communication link 16.
- the cryptographic unit 18 includes a secure memory 30, which may be part of the memory 20 or a separate memory module, and an arithmetic logic unit (ALU), 32, that operates under the control of the processor 22 to perform arithmetic operations necessary to implement a chosen cryptographic protocol.
- the processor 22 includes one or more instruction sets to implement respective protocols.
- any module or component exemplified herein that executes instructions may include or otherwise have access to computer readable media such as storage media, computer storage media, or data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape.
- Computer storage media may include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data, except transitory propagating signals per se.
- Examples of computer storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by an application, module, or both.
- Any such computer storage media may be part of the cryptographic unit or accessible or connectable thereto.
- Any application or module herein described may be implemented using computer readable/executable instructions that may be stored or otherwise held by such computer readable media.
- the memory 30 stores the parameters of the cryptosystem implemented by the cryptographic unit 18.
- the cryptosystem is a public key elliptic curve cryptosystem in which cryptographic protocols are implemented based on the intractability of the discrete log problem in an elliptic curve group defined over a finite field.
- the memory 30 therefore stores the parameters of the curve, such as the generator point G and the order, n, of the elliptic curve group E.
- the examples provided herein refer to an elliptic curve group E, but the same principles could also apply to other groups, such as those for which the discrete logarithm problem is known to be hard to solve (e.g. in prime order subgroups of $\mathbb{Z}_p^*$, where p is a prime).
- the cryptographic unit 18 also includes a random number generator (RNG) 34, whose output is provided to memory 30 for use by the ALU 32.
- the memory 30 also stores securely an ephemeral private key x that is a bit string derived from the output of the random number generator 34.
- the first step in the keyed PV signature scheme requires all parties to agree on a set of domain parameters that are stored in the memory 30. These parameters include: 1. A suitable elliptic curve group of order n, with generator G (see SEC2:
- Example KDFs are given in NIST SP 800-108 (NIST SP 800-108, Recommendation for Key Derivation Using Pseudorandom Functions, National Institute of Standards and Technology, November, 2007), incorporated herein by reference. 4. A cryptographic hash function which maps arbitrary length inputs to fixed-length outputs. Example hash functions are the SHA-2 family, see FIPS PUB 180-2 (Federal Information Processing Standards Publication (FIPS PUB) 180-2. Specifications for the Secure Hash Standard, 2002), incorporated herein by reference. 5. Encoding methods to communicate values (integers, group elements, etc.) between parties (an example encoding could be specified by ASN.1).
- the signer and verifier must also agree upon a common encoding of lists of values as bitstrings before hashing them (for example: 1) convert all values to octet strings, then 2) concatenate hash of the octet strings).
- an encoding is required before deriving keys.
- encoding may incorporate additional information such as the date.
- Keyed PV Key generation by a first correspondent comprises: 1. Choose $d_A$ at random from [0, . . .
- the following algorithm performs a signature verification of a signed message $(s, c_1, c_2, V)$ and recovers $N_2$, when provided with the first correspondent's public key, and the second correspondent's private key $d_B$.
- signature verification can be performed by the second correspondent using the cryptographic unit 18 at the second correspondent.
- One aspect is a system and method enabling the recipient correspondent of a keyed PV signature to convert it to a signature with properties similar to a traditional signature (i.e., where the message is public and may be verified by anyone), removing the keyed aspect of the signature.
- This allows messages signed by the first correspondent with the keyed PV signature scheme to be transferred from the first correspondent to the second correspondent in a non-repudiable fashion: the first correspondent cannot deny having signed a message, and the second correspondent cannot deny having converted the signature.
- the second correspondent can convert a kPV signature to an unkeyed signature and transfer the entire signed message to a third party, who can then verify that: 1.
- the first correspondent signed both the hidden and visible parts of the message, 2. the second correspondent was the intended recipient of the message, and 3. the second correspondent has converted the signature honestly, i.e., that the revealed recovered confidential part of the message is correct (or that a failure to recover was caused by the first correspondent).
- the second correspondent can output the decryption key (for the symmetric-key encryption of the confidential part of the message) and use a zero-knowledge (ZK) proof of knowledge to convince the third party that the key the second correspondent presents is the correct one. In other words, the second correspondent convinces the third party that the decryption key was computed correctly without revealing his secret key.
- ZK zero-knowledge
- the new signature is made up of the old signature, the decryption key, and the proof of knowledge.
- the overhead is three values, one group element, one element the size of the group order, and one hash digest. Since conversion requires knowledge of the second correspondent's secret key, it is not possible for the first correspondent to create a signature and then create the converted version; only the second correspondent may perform the conversion. It is also possible to enable the first correspondent to convert a signature on its own, however, the result makes it clear that the second correspondent did not participate in the conversion.
- the second correspondent is the recipient of a kPV signature from the first correspondent, and that the second correspondent would like to show the confidential part of the message to the third party. Additionally, the third party should be able to verify that the first correspondent signed the confidential part of the message.
- Possible applications are forwarding kPV-signcrypted emails, or auditing electronic transactions (e.g., payments) that use keyed PV signatures. In the second application, it may be required that the first correspondent or the second correspondent reveal the hidden portion of a kPV signature to a third party in a verifiable manner, for example, to resolve a dispute.
- Enabling the second correspondent to reveal $k_2$ to the third party may not provide the desired verification.
- the ciphertext $c_2$ is fixed: since it is signed by the first
- $E^{-1}(c_2, \bar{k}) = \bar{N}_2$ for some $\bar{N}_2 \neq N_2'$, but still output as a valid ciphertext by the decryption algorithm (recall that $N_2'$ is the plaintext recovered by an honest second correspondent).
- Arbitrary E are not designed so that this is infeasible. Even assuming the second correspondent cannot find another $\bar{k}$ for which $E^{-1}(c_2, \bar{k})$ does not cause the verifier to abort, the first correspondent may have created her signature incorrectly, in particular she may create $c_2$ incorrectly. For example, the first correspondent might choose $c_2$ to be a random string.
- the third party obtains ($N_2$ or $\perp$) and proof from the second correspondent that the first correspondent signed it.
- In the case when the proof of knowledge is non-interactive, we denote it $\pi$.
- the new signature is then $(s, c_1, c_2, V, Q_B, \pi)$, and $G_A$ and $G_B$ are required for verification.
- Fig. 4 non-interactive proof and verification is now described. Given a kPV signature $(s, c_1, c_2, V)$ from the first correspondent to the second correspondent, the second correspondent's key pair $(d_B, G_B)$, and the first correspondent's public key $G_A$.
- Another extension enables a correspondent to convert her own signature.
- the first correspondent must keep the ephemeral secret, r, used when creating the signature.
- the first correspondent could set r as the output of a pseudorandom function, keyed with her secret key.
- the input would consist of V and a counter.
- the counter is important to ensure that no ephemeral value gets re-used. This still requires the first correspondent retain some state to store the counter, but it need not be secret.
- Another extension enables a correspondent to convert a received signature and store the converted signature for future use. Suppose that the first correspondent sends the second correspondent a kPV signature $(s, c_1, c_2, V)$ that corresponds to the second
- the second correspondent stores the signature in its memory, but not the recovered confidential portion thereof. Later, the second correspondent may be required to change its key pair, creating a new key pair $(d_{B2}, G_{B2})$ and deleting $d_{B1}$.
- Such a key change is common in PKI systems, since limiting the time period during which a key is valid limits the risks associated with compromise of the key pair. Since the second correspondent may not be able to recover the confidential portion of the signature after deleting $d_{B1}$, it may convert the signature prior to such deletion to allow the second correspondent to verify the signature without knowledge of $d_{B1}$.
- the second correspondent can convert the signature to be verifiable only with knowledge of
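The conversion of a kPV signature and its third-party check, described above, as an added example that is not code or algorithm text from the patent. Because the page elides the scheme's equations, the sketch assumes $s = r + h\,d_A \bmod n$, keys $k_1 = \mathrm{KDF}(Q)$ and $k_2 = \mathrm{KDF}(Q_B)$, a toy XOR cipher with zero-byte redundancy, and a hash-based (Chaum-Pedersen style) proof that $G_B$ and $Q_B$ share the exponent $d_B$. It runs in a toy prime-order subgroup of $\mathbb{Z}_p^*$ (constructed parameters, far too small for real use) rather than on an elliptic curve.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2*N + 1 with N prime, and G generates the order-N subgroup of Z_P^*.
P, N, G = 2039, 1019, 4
PAD = b"\x00" * 16  # redundancy appended to plaintexts (assumed encoding)


def enc(x):
    return x.to_bytes(32, "big")


def H(*parts):
    """Hash a list of byte strings under a length-prefixed encoding."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def kdf(elem, label):
    return H(label, enc(elem))


def xor_stream(key, data):
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(msg, key):
    return xor_stream(key, msg + PAD)


def unseal(ct, key):
    """Return the plaintext, or None (failure) if the redundancy is absent."""
    pt = xor_stream(key, ct)
    return pt[:-len(PAD)] if pt.endswith(PAD) else None


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, pow(G, d, P)


def challenge(c1, c2, v):
    return int.from_bytes(H(c1, c2, v), "big") % N


def kpv_sign(d_a, g_b, n1, n2, v, c2_override=None):
    """First correspondent: hide n2 for the holder of g_b, sign (c1, c2, V)."""
    r = secrets.randbelow(N - 1) + 1
    q, q_b = pow(G, r, P), pow(g_b, r, P)
    c1 = seal(n1, kdf(q, b"k1"))
    # c2_override lets the demo model a signer who sends a malformed c2.
    c2 = seal(n2, kdf(q_b, b"k2")) if c2_override is None else c2_override
    s = (r + challenge(c1, c2, v) * d_a) % N
    return s, c1, c2, v


def recover_q(sig, g_a):
    """Anyone: Q_A = s*G - h*G_A, written multiplicatively."""
    s, c1, c2, v = sig
    return pow(G, s, P) * pow(g_a, -challenge(c1, c2, v) % N, P) % P


def dleq_hash(g_b, q_a, q_b, t1, t2):
    return H(*(enc(x) for x in (G, g_b, q_a, q_b, t1, t2)))


def convert(sig, g_a, d_b):
    """Second correspondent: reveal Q_B = d_B*Q_A with a proof, not d_B."""
    q_a = recover_q(sig, g_a)
    q_b, g_b = pow(q_a, d_b, P), pow(G, d_b, P)
    w = secrets.randbelow(N - 1) + 1
    e = dleq_hash(g_b, q_a, q_b, pow(G, w, P), pow(q_a, w, P))
    z = (w + int.from_bytes(e, "big") * d_b) % N
    return sig + (q_b, (e, z))  # overhead: group element, digest, scalar


def verify_converted(conv, g_a, g_b):
    """Third party: needs only G_A and G_B. Returns (status, N2)."""
    s, c1, c2, v, q_b, (e, z) = conv
    # Reject anything outside the order-N subgroup before exponent tricks.
    if not all(0 < x < P and pow(x, N, P) == 1 for x in (g_a, g_b, q_b)):
        return "bad-proof", None
    q_a = recover_q((s, c1, c2, v), g_a)
    ei = int.from_bytes(e, "big") % N
    t1 = pow(G, z, P) * pow(g_b, -ei % N, P) % P
    t2 = pow(q_a, z, P) * pow(q_b, -ei % N, P) % P
    if not hmac.compare_digest(e, dleq_hash(g_b, q_a, q_b, t1, t2)):
        return "bad-proof", None      # converter did not use d_B honestly
    if unseal(c1, kdf(q_a, b"k1")) is None:
        return "bad-signature", None  # first correspondent did not sign this
    n2 = unseal(c2, kdf(q_b, b"k2"))
    return ("ok", n2) if n2 is not None else ("signer-fault", None)
```

The `signer-fault` status is the case the description raises where the first correspondent chose $c_2$ as a random string: the proof shows the conversion was honest, so the failed recovery is attributable to the signer.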
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161454445P | 2011-03-18 | 2011-03-18 | |
PCT/CA2011/050506 WO2012126085A1 (en) | 2011-03-18 | 2011-08-19 | Keyed pv signatures |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2686978A1 (en) | 2014-01-22 |
EP2686978A4 (en) | 2014-12-24 |
EP2686978B1 (en) | 2017-03-15 |
Family
ID=46878566
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP11861544.2A Active EP2686978B1 (en) | 2011-03-18 | 2011-08-19 | Keyed pv signatures |
Country Status (5)
Country | Link |
---|---|
US (1) | US9088419B2 (en) |
EP (1) | EP2686978B1 (en) |
CN (1) | CN103444128B (en) |
CA (1) | CA2830285C (en) |
WO (1) | WO2012126085A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120008784A1 (en) * | 2010-07-08 | 2012-01-12 | Phillip Martin Hallam-Baker | Delegated Key Exchange System and Method of Operation |
WO2012126086A1 (en) * | 2011-03-18 | 2012-09-27 | Certicom Corp. | Secure financial transactions |
US8971528B2 (en) * | 2013-01-29 | 2015-03-03 | Certicom Corp. | Modified elliptic curve signature algorithm for message recovery |
CN103259661B (en) * | 2013-04-25 | 2016-04-27 | 河海大学 | Based on the Directed transitive signatures method of discrete logarithm |
US9852306B2 (en) * | 2013-08-05 | 2017-12-26 | International Business Machines Corporation | Conjunctive search in encrypted data |
US9646166B2 (en) | 2013-08-05 | 2017-05-09 | International Business Machines Corporation | Masking query data access pattern in encrypted data |
KR20150084221A (en) | 2014-01-13 | 2015-07-22 | 삼성전자주식회사 | Apparatus and Method for Resigning of Application Package and Terminal Apparatus for Running of the Application Package |
CN104135472B (en) * | 2014-07-14 | 2017-08-29 | 国电南瑞科技股份有限公司 | A kind of transformer station's command interaction method based on third-party authentication |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7249259B1 (en) * | 1999-09-07 | 2007-07-24 | Certicom Corp. | Hybrid signature scheme |
US20090129600A1 (en) * | 2007-11-15 | 2009-05-21 | Brickell Ernie F | Apparatus and method for a direct anonymous attestation scheme from short-group signatures |
US20090210716A1 (en) * | 2008-01-30 | 2009-08-20 | Liqun Chen | Direct anonymous attestation using bilinear maps |
US20110013771A1 (en) * | 2006-05-21 | 2011-01-20 | International Business Machines Corporation | Assertion message signatures |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE69738931D1 (en) * | 1997-01-28 | 2008-10-02 | Matsushita Electric Ind Co Ltd | DEVICE FOR DIGITAL SUBMITTING WITH RECOVERY OF THE MESSAGE |
US7346580B2 (en) * | 1998-08-13 | 2008-03-18 | International Business Machines Corporation | Method and system of preventing unauthorized rerecording of multimedia content |
US6847951B1 (en) * | 1999-03-30 | 2005-01-25 | Pitney Bowes Inc. | Method for certifying public keys used to sign postal indicia and indicia so signed |
US7360080B2 (en) * | 2000-11-03 | 2008-04-15 | International Business Machines Corporation | Non-transferable anonymous credential system with optional anonymity revocation |
US7181017B1 (en) * | 2001-03-23 | 2007-02-20 | David Felsher | System and method for secure three-party communications |
US7231663B2 (en) * | 2002-02-04 | 2007-06-12 | General Instrument Corporation | System and method for providing key management protocol with client verification of authorization |
US7818792B2 (en) * | 2002-02-04 | 2010-10-19 | General Instrument Corporation | Method and system for providing third party authentication of authorization |
US20030190046A1 (en) * | 2002-04-05 | 2003-10-09 | Kamerman Matthew Albert | Three party signing protocol providing non-linkability |
US7613660B2 (en) * | 2002-12-30 | 2009-11-03 | Pitney Bowes Inc. | System and method for mail destination address information encoding, protection and recovery in postal payment |
EP1521390B1 (en) * | 2003-10-01 | 2008-08-13 | Hewlett-Packard Development Company, L.P. | Digital signature method and apparatus |
US7849317B2 (en) * | 2003-12-15 | 2010-12-07 | Pitney Bowes Inc. | Method for mail address block image information encoding, protection and recovery in postal payment applications |
US20050271207A1 (en) * | 2004-06-05 | 2005-12-08 | Helmut Frey | Method and system for chaotic digital signature, encryption, and authentication |
US7730319B2 (en) * | 2004-08-27 | 2010-06-01 | Ntt Docomo, Inc. | Provisional signature schemes |
US8467535B2 (en) * | 2005-01-18 | 2013-06-18 | Certicom Corp. | Accelerated verification of digital signatures and public keys |
JP5068176B2 (en) * | 2005-01-18 | 2012-11-07 | サーティコム コーポレーション | Enhanced verification of digital signatures and public keys |
JP4825199B2 (en) * | 2005-04-27 | 2011-11-30 | パナソニック株式会社 | Information security device and elliptic curve calculation device |
JP2008545323A (en) * | 2005-07-07 | 2008-12-11 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Method, apparatus and system for verifying authenticity of an object |
US8069346B2 (en) * | 2006-11-15 | 2011-11-29 | Certicom Corp. | Implicit certificate verification |
WO2009030021A1 (en) * | 2007-09-04 | 2009-03-12 | Certicom Corp. | Signatures with confidential message recovery |
JP5287727B2 (en) * | 2007-11-21 | 2013-09-11 | 日本電気株式会社 | Information communication system, organization device and user device |
EP2151947A1 (en) * | 2008-08-05 | 2010-02-10 | Irdeto Access B.V. | Signcryption scheme based on elliptic curve cryptography |
WO2012049629A1 (en) * | 2010-10-15 | 2012-04-19 | Certicom Corp. | Authenticated encryption for digital signatures with message recovery |
WO2012049630A1 (en) * | 2010-10-15 | 2012-04-19 | Certicom Corp. | Authenticated encryption for digital signatures with message recovery |
-
2011
- 2011-08-19 CA CA2830285A patent/CA2830285C/en active Active
- 2011-08-19 EP EP11861544.2A patent/EP2686978B1/en active Active
- 2011-08-19 WO PCT/CA2011/050506 patent/WO2012126085A1/en active Application Filing
- 2011-08-19 CN CN201180069424.8A patent/CN103444128B/en active Active
-
2012
- 2012-03-16 US US13/422,941 patent/US9088419B2/en active Active
Non-Patent Citations (1)
Title |
---|
See also references of WO2012126085A1 * |
Also Published As
Publication number | Publication date |
---|---|
US9088419B2 (en) | 2015-07-21 |
CA2830285C (en) | 2016-11-08 |
WO2012126085A1 (en) | 2012-09-27 |
CN103444128A (en) | 2013-12-11 |
EP2686978A4 (en) | 2014-12-24 |
CN103444128B (en) | 2017-04-05 |
CA2830285A1 (en) | 2012-09-27 |
US20120239930A1 (en) | 2012-09-20 |
EP2686978B1 (en) | 2017-03-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Anderson et al. | Robustness principles for public key protocols | |
Lim et al. | A key recovery attack on discrete log-based schemes using a prime order subgroup | |
Blake-Wilson et al. | Authenticated Diffie-Hellman key agreement protocols | |
US9088419B2 (en) | Keyed PV signatures | |
CN108667626A (en) | The two sides cooperation SM2 endorsement methods of safety | |
US8661240B2 (en) | Joint encryption of data | |
US20120096274A1 (en) | Authenticated encryption for digital signatures with message recovery | |
US9800418B2 (en) | Signature protocol | |
Roy et al. | A survey on digital signatures and its applications | |
US20120096273A1 (en) | Authenticated encryption for digital signatures with message recovery | |
JP2013048417A (en) | Signcryption method and device, and corresponding signcryption verification method and device | |
KR20030062401A (en) | Apparatus and method for generating and verifying id-based blind signature by using bilinear parings | |
US9286602B2 (en) | Secure financial transactions | |
WO2012156254A1 (en) | A method for performing a group digital signature | |
US20150006900A1 (en) | Signature protocol | |
Lal et al. | ID based generalized signcryption | |
Pieprzyk et al. | Parallel authentication and public-key encryption | |
Jeng et al. | An ECC-based blind signature scheme | |
Zheng | Shortened digital signature, signcryption and compact and unforgeable key agreement schemes | |
WO2016187689A1 (en) | Signature protocol | |
Zheng | Signcryption or how to achieve cost (signature & encryption)<< cost (signature)+ cost (encryption) | |
Garrett et al. | Blinded Diffie-Hellman: Preventing Eavesdroppers from Tracking Payments | |
Ki et al. | Privacy-enhanced deniable authentication e-mail service | |
JP3862397B2 (en) | Information communication system | |
CA2892318C (en) | Signature protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20131010 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
A4 | Supplementary search report drawn up and despatched |
Effective date: 20141121 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/30 20060101ALI20141117BHEP Ipc: H04L 9/32 20060101AFI20141117BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20160912 |
|
GRAJ | Information related to disapproval of communication of intention to grant by the applicant or resumption of examination proceedings by the epo deleted |
Free format text: ORIGINAL CODE: EPIDOSDIGR1 |
|
GRAR | Information related to intention to grant a patent recorded |
Free format text: ORIGINAL CODE: EPIDOSNIGR71 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
INTC | Intention to grant announced (deleted) | ||
INTG | Intention to grant announced |
Effective date: 20170202 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 876558 Country of ref document: AT Kind code of ref document: T Effective date: 20170415 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602011036088 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20170315 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170615 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170616 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 876558 Country of ref document: AT Kind code of ref document: T Effective date: 20170315 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 7 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170615 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170717 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170715 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602011036088 Country of ref document: DE |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
26N | No opposition filed |
Effective date: 20171218 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20170831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170819 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170819 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 8 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170831 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170819 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20110819 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 602011036088 Country of ref document: DE Representative's name: MERH-IP MATIAS ERNY REICHL HOFFMANN PATENTANWA, DE Ref country code: DE Ref legal event code: R081 Ref document number: 602011036088 Country of ref document: DE Owner name: BLACKBERRY LIMITED, WATERLOO, CA Free format text: FORMER OWNERS: BLACKBERRY LIMITED, WATERLOO, ONTARIO, CA; CERTICOM CORP., MISSISSAUGA, ONTARIO, CA |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170315 |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20220407 AND 20220413 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20230828 Year of fee payment: 13 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20230825 Year of fee payment: 13 Ref country code: DE Payment date: 20230829 Year of fee payment: 13 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 602011036088 Country of ref document: DE Ref country code: DE Ref legal event code: R081 Ref document number: 602011036088 Country of ref document: DE Owner name: MALIKIE INNOVATIONS LTD., IE Free format text: FORMER OWNER: BLACKBERRY LIMITED, WATERLOO, ONTARIO, CA |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20240530 AND 20240605 |